[00:00.700 --> 00:05.580]  Welcome to my talk. I'm going to be chatting about wafer locks today and why they're awesome.
[00:06.080 --> 00:10.160]  It's going to be very theoretical, and it's going to be mainly coming at this from the
[00:10.160 --> 00:14.100]  lock engineer's perspective, if I might be allowed to flatter myself.
[00:14.700 --> 00:20.960]  I'll start by telling you a bit about who I am. And then I'll cover some definitions so that
[00:20.960 --> 00:26.440]  we're all on the same page. And then I'll show you a small selection of wafer locks through my eyes.
[00:28.140 --> 00:33.860]  So who is this loon who thinks wafer locks are pretty secure? Well, it all started about three
[00:33.860 --> 00:40.020]  years ago, when I thought it would be a good idea to design a challenge lock for HuxleyPig69,
[00:40.020 --> 00:44.600]  who is renowned in the lockpicking community for being the first person to publicly pick
[00:44.600 --> 00:53.340]  the Abloy Classic, and who designs tools for cracking high security locks non-destructively.
[00:56.390 --> 01:03.370]  In the last year or so of this now three-year journey, most of my focus has been taken up by
[01:03.370 --> 01:11.490]  wafer locks. And that's not because I've finally broken down mentally and started rambling,
[01:11.490 --> 01:19.030]  but rather because I genuinely think they offer a good solution to the problem of designing a
[01:19.030 --> 01:26.710]  high-security lock. So what makes a lock high security? Well, a lock is a reusable seal,
[01:26.710 --> 01:32.650]  which has two important properties. It's got to be tamper-evident, so that if the lock is defeated,
[01:32.650 --> 01:40.770]  it's obvious. And the second important feature is that defeating that lock should take as long
[01:40.770 --> 01:49.600]  as possible. Ideally, you're able to preclude covert and surreptitious attacks,
[01:50.760 --> 01:55.030]  and ideally an overt entry will take forever.
[01:56.900 --> 02:01.160]  An overt entry is one that is immediately obvious,
[02:01.160 --> 02:04.910]  so that's typically destructive attacks like drilling or using explosives.
[02:06.740 --> 02:15.660]  Covert entry is an attack on a lock that won't be immediately obvious to a casual observation,
[02:15.660 --> 02:19.280]  but if you were to strip the lock down and analyze it forensically,
[02:19.280 --> 02:25.360]  it will reveal what method was used to open it. So this normally covers lock picking and
[02:25.360 --> 02:29.120]  impressioning, because they leave small scratches and marks on the inside of the lock.
[02:30.160 --> 02:35.680]  And finally, there's surreptitious attacks, which don't leave any forensic trace whatsoever,
[02:35.680 --> 02:39.900]  and this would be stuff like duplicating the key from a photograph.
[02:42.220 --> 02:49.880]  And how high security a lock is is determined by the amount of time it takes to compromise a lock
[02:49.880 --> 02:55.840]  with an attack in each of those categories. Ideally, you wouldn't be measuring that in
[02:55.840 --> 03:00.480]  seconds. Ideally, you'd be measuring it in minutes or, you know, in a really,
[03:00.480 --> 03:04.500]  really good world where security engineers are doing a fantastic job in hours.
[03:06.480 --> 03:14.300]  So, since those locks are designed, or since high security locks are designed to make lock picking
[03:14.300 --> 03:22.420]  and impressioning attacks as difficult as possible, if not impossible, a lot of them have been designed
[03:22.420 --> 03:30.560]  with some very wacky mechanisms. So you can't always take the approach that you would normally
[03:30.560 --> 03:36.540]  take if you were picking a pin tumbler lock and apply that directly to a high security lock.
[03:37.620 --> 03:43.360]  So instead, I've kind of abstracted the lock picking process into these four requirements.
[03:44.040 --> 03:48.020]  You need to be able to get feedback from the lock, because that's how you tell what state
[03:48.020 --> 03:53.620]  the lock is in and how close you are to having it open. And it also tells you what your next
[03:53.620 --> 04:00.280]  step might be to get the lock open. You need to be able to manipulate and tension the lock
[04:00.280 --> 04:08.640]  simultaneously. So some locks like the Western Electric 30C or the Abloy Protech 2 have blocking
[04:08.640 --> 04:14.400]  mechanisms that, while not preventing manipulation or tension, prevent you from doing them both at
[04:14.400 --> 04:22.300]  the same time. And so they're phenomenally difficult locks to pick as a result. By tension,
[04:22.300 --> 04:29.200]  I mean applying a force on the lock in the direction that drives it to open.
[04:30.280 --> 04:37.040]  So how you do that depends on the particular kind of lock. But the key idea behind this is that
[04:37.040 --> 04:41.780]  since it's impossible to manufacture the components in a lock perfectly,
[04:42.600 --> 04:44.880]  and you have manufacturing tolerances,
[04:46.380 --> 04:50.900]  these manufacturing tolerances result in every single component being very slightly differently
[04:50.900 --> 04:58.860]  sized or shaped, which then causes them all to behave very slightly differently.
[04:58.860 --> 05:02.820]  And that's the case regardless of how well you machine the parts,
[05:02.820 --> 05:07.400]  and regardless of whether or not you have a very low quality lock or a very high quality lock.
[05:08.720 --> 05:12.980]  And finally, manipulation. Manipulation is just the ability to
[05:12.980 --> 05:18.040]  move the components inside the lock with a tool of some design.
[05:20.160 --> 05:25.880]  Those are the things to keep in mind when I start taking you through these locks.
[05:27.200 --> 05:33.720]  So what is a wafer lock? This should be pretty straightforward, but
[05:35.640 --> 05:41.320]  apparently for some people that that's not quite so clear. Some people whom I happen to have a lot
[05:41.320 --> 05:47.980]  of respect for, so that is not to criticize them in that sense, but I do disagree. And
[05:49.340 --> 05:55.200]  the reason I disagree sometimes with whether or not a lock is a wafer lock or not is because this
[05:55.200 --> 06:00.640]  is how I define it. And if you're working off a different definition, then obviously in some
[06:00.640 --> 06:06.620]  cases you're going to get to a different answer. So we've got some typical sliders shown in the
[06:06.620 --> 06:13.860]  top corner here. These two are from an Asidesmo, which is a reasonably high security lock,
[06:13.860 --> 06:18.460]  but not one that I would probably deem high security for the purposes of this talk.
[06:19.080 --> 06:25.200]  And these are from a cheap wafer lock, not wafer lock, slider lock.
[06:27.320 --> 06:32.420]  And in both cases they slide laterally and they have to be slid the correct distance
[06:34.740 --> 06:42.000]  to allow the lock to open. A wafer lock is a special kind of slider lock where the total
[06:42.760 --> 06:50.120]  length of the wafer is the same as the width of the core that they actually sit in. So
[06:51.240 --> 06:58.680]  here's an animation to kind of make that a little bit clearer. When the wafer is incorrectly
[06:58.680 --> 07:04.980]  positioned, it sticks out either one side or the other and prevents rotation. And when it's
[07:04.980 --> 07:11.280]  perfectly correctly positioned in the center there, it will allow rotation.
[07:15.920 --> 07:20.020]  So to start things off, let's take a look at the kind of wafer lock that you're probably familiar
[07:20.020 --> 07:25.620]  with and the kind of thing that probably sprang to mind when you first read the word wafer lock,
[07:25.620 --> 07:29.940]  if you've had any prior experience. If you haven't got any clue what a wafer lock is
[07:29.940 --> 07:33.880]  in a normal implementation, then that's exactly what I'm going to take you through.
[07:35.160 --> 07:40.420]  So at the top here we can see six wafers sticking out the top of this core.
[07:42.440 --> 07:44.400]  And this is the lock at rest.
[07:46.460 --> 07:56.580]  If we insert an incorrect key, or if we insert the correct key but not all the way,
[07:56.580 --> 08:03.220]  then what you'll see is that some wafers will stick out at the top and some wafers will stick
[08:03.220 --> 08:10.480]  out at the bottom of the core. And this will prevent rotation. When the key is fully inserted,
[08:10.480 --> 08:17.140]  or the correct key is fully inserted, then what happens is they all line up along the top and
[08:17.140 --> 08:26.940]  bottom edges of the plug, or the core, and they allow rotation of the core. So, excellent.
[08:28.140 --> 08:34.180]  But that's not a high security lock. There are three cuts per position and only six wafers,
[08:34.180 --> 08:39.640]  so that's not a very large number of differs. The core design makes it very easy to tension,
[08:39.640 --> 08:45.960]  you can just bend a piece of wire and insert that, apply rotational force, and voila, you have
[08:46.600 --> 08:55.080]  tension. And interestingly about wafer locks, you can't just design anti-pick shapes into them
[08:55.080 --> 09:00.380]  in the exact same way that you would a pin tumbler lock. It's possible to do,
[09:01.040 --> 09:07.520]  but it's a little bit more tricky than for a normal pin tumbler lock.
[09:09.700 --> 09:17.600]  So, now that I've shown you an example of a really bad wafer lock, let's revisit the actual
[09:17.600 --> 09:25.060]  principle behind wafer locks, and maybe I can show you a wafer lock that wouldn't be so easy to pick.
[09:26.360 --> 09:34.660]  The main idea here is to approach the design differently. So, rather than our cheap,
[09:34.660 --> 09:41.740]  low-quality wafer lock, which has a key which applies tension to the core, and then the core
[09:41.740 --> 09:49.980]  applies tension to the wafers, and ultimately opens the lock, we can achieve a much, much higher
[09:49.980 --> 09:55.780]  level of security if instead, we have the key only act on the wafers, and never directly act
[09:55.780 --> 10:01.380]  on the core. So, if we have a key that aligns the wafers correctly, and applies turning force
[10:01.380 --> 10:06.100]  to the wafers, and then the wafers transfer their turning force to the core,
[10:06.100 --> 10:11.420]  if they're correctly aligned, the lock will still work, but it's a lot, lot harder to tension.
[10:13.080 --> 10:19.000]  So, to show you what I'm talking about, here's another animation. This one, much less well-made
[10:19.000 --> 10:27.880]  than the other one. This grey bit in the middle is our key, the beige-yellow element is the wafer,
[10:28.580 --> 10:34.540]  the part highlighted in blue is the core, and all around the outside in grey again is the housing.
[10:36.280 --> 10:41.560]  So, the way this works, the key is longer on one side than it is on the other, and when we turn it
[10:41.560 --> 10:49.340]  clockwise, it makes contact with the wafer on one side first. So, in this case, it makes contact
[10:49.340 --> 10:56.880]  at the bottom, and that causes the wafer to slide to the left. And the wafer slides to the left until
[10:56.880 --> 11:04.620]  it meets the other side of the key, at which point there's no longer a lateral motion for the wafer,
[11:04.620 --> 11:09.960]  but instead it gets jammed in place like that, and the force on it becomes a rotational force.
[11:10.560 --> 11:15.240]  In this case, the wafer is correctly aligned, so that rotational force is then
[11:16.260 --> 11:22.820]  transferred to the core, and that results in the core turning. If it weren't correctly aligned,
[11:22.820 --> 11:27.300]  then what would happen instead is that rotational force would be applied to the housing,
[11:27.300 --> 11:36.120]  and the core wouldn't move at all. If you want to have a system that works that way,
[11:36.120 --> 11:43.360]  then there are two key requirements that you need to meet. Firstly, as I just mentioned,
[11:43.360 --> 11:46.480]  the wafer has to be aligned correctly, otherwise it's going to apply that rotational force to
[11:46.480 --> 11:52.760]  the housing, and nothing will move. And secondly, the key must have at least two points of contact
[11:52.760 --> 11:58.300]  on the wafer, on opposing sides of the wafer. That's the point at which that lateral force
[11:58.300 --> 12:01.480]  is translated into a rotational force.
[12:05.320 --> 12:10.480]  That's something to keep in mind for later when we take a look at some of the more interesting
[12:10.480 --> 12:18.520]  locks. So the main implication of this is that the lock becomes ludicrously difficult to tension,
[12:18.520 --> 12:25.760]  because traditionally what you would do is you'd apply tension as the first step in the lock
[12:25.760 --> 12:32.040]  process. And when you do that, at least one of the elements is going to bind in some way.
[12:32.220 --> 12:38.440]  And then you can reach through with some kind of tool and prod on those elements until you find
[12:38.440 --> 12:43.240]  one that's binding, and that's the one that you know you need to move. And you can move until it
[12:43.240 --> 12:47.720]  stops binding, at which point you know you've correctly positioned it. But that's not possible
[12:47.720 --> 12:52.660]  with this, because in this case you're going to have to align one of the wafers correctly first
[12:52.660 --> 12:59.160]  in order to apply tension. And since you can't apply tension before that point in order to know
[12:59.160 --> 13:06.600]  where to place it, you have to guess. So in the example animation that we just looked at,
[13:06.600 --> 13:13.700]  if I go back, there are six possible positions. So that means you would need a tool that has
[13:13.700 --> 13:17.940]  six different ends on it to simulate the key at that point.
[13:19.100 --> 13:24.460]  And what that means is that because only one of those tools will work, the whole lock picking
[13:24.460 --> 13:31.880]  process, and how quickly you can open that lock covertly, is massively extended, because you're
[13:32.380 --> 13:38.100]  going to have to test each of those tools until you find one that works. And on average, it would
[13:38.100 --> 13:47.080]  take you three and a half tries. So the amount of time it would take is massively increased,
[13:47.080 --> 13:51.680]  because that's the requirement before you can even begin the lock picking process,
[13:51.680 --> 13:56.180]  compared to other kinds of lock, where you can just apply tension and get started straight away.
[14:01.520 --> 14:06.600]  So the main wafer lock that I want to look at is the Chroma Protector.
[14:09.240 --> 14:16.140]  But there are a number of problems looking at the Chroma Protector. At the time that I started
[14:16.140 --> 14:22.680]  thinking about it, I didn't own one, so that made looking at how it worked tricky.
[14:24.860 --> 14:30.280]  And generally, information on it is scarce. Here are the sources that I've found and I've
[14:30.280 --> 14:36.980]  learned from. It's worth noting that Graham Pulford, in his book High Security Mechanical
[14:36.980 --> 14:43.860]  Locks, refers to the Chroma Protector as a lever lock. Now he does this because he categorizes
[14:43.860 --> 14:51.100]  locks based off the design of the keys. But I think it would be very misleading to describe
[14:51.100 --> 14:57.680]  the Chroma Protector as anything other than a wafer lock. And if you really want to dig into
[14:57.680 --> 15:04.180]  the detail of the Chroma Protector and exactly how it works, Jakob Fagerlund's talk is absolutely
[15:04.180 --> 15:18.160]  fantastic and I highly, highly recommend it. So as I was saying, the Chroma Protector
[15:19.140 --> 15:24.240]  is a lock that I didn't have access to, so there was a motivation to make one for myself
[15:26.420 --> 15:31.340]  and so that I could test whether or not it worked in the way that I thought it did.
[15:31.340 --> 15:36.400]  I'd been thinking about it theoretically for quite a long time, but things don't always
[15:36.400 --> 15:40.720]  translate into practice in the same way. So I wanted a prototype that I could play around with
[15:40.720 --> 15:49.080]  and that would prove whether or not it worked in the way I expected it to. The other reason is,
[15:49.080 --> 15:56.440]  when you design a lock, you tend to gain a lot of insight into how that mechanism works and why
[15:56.440 --> 16:03.480]  some of the design features have developed in the way that they have. And so my hope was that
[16:03.480 --> 16:07.600]  since the Chroma Protector is a reasonably complicated lock in terms of some of the
[16:07.600 --> 16:16.520]  particular security features that are found in it, that I might gain some extra insight.
[16:20.520 --> 16:29.740]  So I've previously designed locks and the only one that I ever produced was made of
[16:30.220 --> 16:35.860]  three millimeter plywood sections cut with a laser cutter. So that's exactly what I wanted
[16:35.860 --> 16:39.500]  to do again with the Chroma Protector because I had access to a laser cutter and I had access
[16:39.500 --> 16:47.860]  to 3D printers and so that was the logical step for me. And I couldn't see any reason why the
[16:47.860 --> 16:53.820]  design couldn't work that way. I wanted to fit the same size as the Chroma Protector that I now have
[16:53.820 --> 17:04.730]  because if you design with the same constraints as the actual engineers who designed the lock,
[17:04.730 --> 17:11.750]  whose inspiration you're taking, you'll get a better understanding of why they've made those
[17:11.750 --> 17:16.310]  decisions. If I didn't limit myself in that way, I might miss important details.
[17:18.030 --> 17:22.010]  And finally, I wanted to include all of the different basic possible
[17:22.010 --> 17:26.370]  way for designs that I had found in patents up until that time. So
[17:26.930 --> 17:36.010]  if I take you back here, there are some examples, but we'll dig into that in just a little bit.
[17:36.250 --> 17:41.130]  Some of the other requirements that I set for myself were that I wanted it to be springless.
[17:42.090 --> 17:45.990]  And I wanted it to be springless because A, I couldn't see a good reason why
[17:45.990 --> 17:54.730]  the mechanism needed springs at the time, and B, because most safe locks are designed so that
[17:54.730 --> 18:01.330]  since springs fail generally first, most safe locks are designed so that they are not
[18:02.450 --> 18:04.990]  dependent on those springs in order to function.
[18:06.650 --> 18:12.710]  Because you don't want to have your secure lock inside your secure container fail on you.
[18:14.190 --> 18:20.610]  And also adding them, point B, is a bit of a pain and makes designing them a lot harder,
[18:20.610 --> 18:25.370]  designing the whole lock a little bit harder, especially if I were then to give this design
[18:25.370 --> 18:33.370]  to other people for them to learn about. I wanted it to be as high security as you
[18:33.370 --> 18:38.970]  can possibly get, considering I'm making it out of three millimeter plywood.
[18:40.630 --> 18:44.590]  So I didn't, in terms of non-destructive entry, I didn't want it to be possible to just
[18:44.590 --> 18:48.170]  look at the insides of the wafers through the keyway
[18:48.650 --> 18:55.670]  and from their shapes discern what the bitting on the key needed to be,
[18:55.670 --> 19:00.710]  or needs to be to get that lock open. I also didn't want it to be possible to just push
[19:00.710 --> 19:06.670]  the wafers to their maximum range, left and right, and for that to be different.
[19:07.930 --> 19:10.770]  Because if that's different and has any kind of relationship
[19:11.270 --> 19:18.970]  to the actual length on the sides of the wafers, then you can rapidly gain an idea of
[19:19.930 --> 19:22.170]  what the key has to look like.
[19:24.530 --> 19:27.570]  And then I wanted the lock to also be self-scrambling.
[19:28.450 --> 19:33.370]  So self-scrambling is this concept that all locks do, and lots of locks do this through
[19:33.370 --> 19:40.430]  having springs, but that's not necessarily required. The idea behind a self-scrambling
[19:40.430 --> 19:47.170]  lock is simply that when you insert the key to open the lock, and you turn that key,
[19:47.170 --> 19:52.510]  it aligns all the components in their correct positions. And if you then close the lock,
[19:52.510 --> 19:56.390]  one of the important things would be to scramble the positions of those components
[19:56.390 --> 20:00.510]  so that the next person coming along who looks at the lock after you've locked it
[20:01.270 --> 20:06.370]  doesn't just need to stick in a small bit of wire and apply a bit of tension, and the lock pops open.
[20:08.390 --> 20:14.590]  I didn't want it to be a central wafer position. This was kind of just a minor I-want-to-be-annoying
[20:14.590 --> 20:23.030]  feature. If a wafer were correctly positioned dead center, it would be substantially easier
[20:23.030 --> 20:29.770]  to tension than any of the other designs, because any tool that has equally length bits
[20:30.790 --> 20:36.350]  on either side would be sufficient to tension. Whereas that's not the case for any of the other
[20:36.350 --> 20:40.850]  positions. So I thought if I could take that out of the equation, that would make the lock
[20:40.850 --> 20:47.250]  just a little bit more secure. And the final problem that I ran into was reliability. So
[20:47.950 --> 20:54.110]  this is kind of related to the spring, what I was saying about springs earlier,
[20:54.110 --> 20:59.170]  but this is kind of just the idea that there shouldn't be a possible position that the
[20:59.170 --> 21:02.810]  wafers could get themselves into where you couldn't insert the key into the lock.
[21:04.230 --> 21:11.290]  Unfortunately, that's something I failed on. I couldn't balance making my lock without any
[21:11.290 --> 21:17.470]  springs, having it be self-scrambling, and have there been no possible positions which
[21:17.470 --> 21:22.790]  the wafers could get into where the key couldn't be inserted into the lock.
[21:23.190 --> 21:29.970]  That was just beyond my ability as a self-taught engineer to resolve.
[21:31.370 --> 21:39.890]  So, what I came up with. I used a 3D printed key. The lock itself contains seven wafers.
[21:40.550 --> 21:45.450]  The key is tip-stopped, and the key has a very mild profile,
[21:45.450 --> 21:50.550]  so you can't insert it the wrong way. And it will align both at the end
[21:53.070 --> 21:59.790]  and at the neck, basically, or at the collar of the key. So that helps with alignment.
[21:59.970 --> 22:10.490]  And it breaks itself open. So this was the most important thing that I learned when designing this,
[22:10.490 --> 22:16.650]  when I finally had it in my hands. You need two points of contact on a wafer in order to
[22:17.330 --> 22:24.330]  rotate it, or in order to tension with it. And that's all well and good in the opening direction,
[22:24.330 --> 22:30.650]  but I found as soon as I reversed the key, there was no more than one point of contact on any of
[22:30.650 --> 22:40.810]  the wafers, and so the key can't turn the core backwards. And so once you open it, it stays open.
[22:42.910 --> 22:48.890]  Which is a little bit unfortunate. But nevertheless,
[22:51.230 --> 22:55.330]  I'll do my best to make the files available for others to play with.
[22:56.350 --> 23:02.730]  Here are the four basic wafer shapes that I ended up creating, and they all work,
[23:02.730 --> 23:09.110]  in the open direction at least. On the bottom right, we have a full wafer. This is the bog
[23:09.110 --> 23:14.190]  standard wafer, and most closely resembles what you'd see in other kinds of wafer lock.
[23:14.830 --> 23:18.510]  On the bottom left, we have a half wafer. The idea being that
[23:20.430 --> 23:26.450]  it's missing one half of the surface, so the key can't tension off this wafer in order to drive
[23:26.450 --> 23:33.870]  the core around, but it still needs to align that wafer correctly in order for the lock to open. So
[23:35.270 --> 23:39.050]  that makes it a little bit harder to attack, because this wafer would be much harder to
[23:39.050 --> 23:46.050]  tension than a full wafer. Up here on the top right, we have a split wafer that doesn't have
[23:46.190 --> 23:53.710]  a limit on it at either end. So this basically functions like two half wafers. So you need to
[23:53.710 --> 23:59.430]  align both of them correctly, and they're actually different cuts for each of them.
[24:01.470 --> 24:08.570]  And then lastly, in the top left, we have the limited split wafer, which
[24:10.550 --> 24:18.210]  requires that the key be the correct length in order to drive both these halves together,
[24:18.210 --> 24:26.810]  so that their total length is the same as the core is wide. But they also need to be aligned
[24:26.810 --> 24:32.330]  correctly left to right. And the hope was that that would be particularly difficult
[24:32.330 --> 24:36.910]  to manipulate, and I want to see how that bound up when it did.
[24:40.750 --> 24:49.490]  So my analysis of it. You can't easily decode it, and it does work in the opening direction.
[24:49.490 --> 24:51.070]  It does self-scramble,
[24:56.210 --> 25:02.110]  and it might be non-trivial to destroy if it weren't made of three millimeter plywood sections.
[25:03.330 --> 25:07.610]  But all in all, probably not something you're going to want to use
[25:07.610 --> 25:12.470]  in a safe, especially not when you could use something like this.
[25:13.630 --> 25:20.630]  So this is really the inspiration for my design, and I'm not going to claim any great originality
[25:20.630 --> 25:26.510]  with what I created. I was hoping to just create a simplified version of this.
[25:27.410 --> 25:34.050]  So I'll give you some basic details about it. It's 68 millimeters across, and it weighs 730 grams.
[25:34.050 --> 25:41.890]  It is not a small lock. It contains 11 wafers, which from a brief reading of the key,
[25:41.890 --> 25:45.230]  have at least seven possible cuts per position.
[25:46.370 --> 25:52.250]  There may be more. In practice, there are probably fewer in lots of positions, because
[25:52.250 --> 25:56.850]  although in theory any of the layers are completely interchangeable,
[25:56.850 --> 26:06.430]  in practice, at least for the ones that I have seen and that Jaco analyzed in his talk,
[26:06.430 --> 26:13.290]  there seem to be certain patterns of wafers where some of them don't actually vary very often in
[26:13.290 --> 26:22.850]  position or cut. So two things to note about my Chroma lock. One, it's not made by Chroma.
[26:23.150 --> 26:28.990]  I suspect heavily that it is made by Carl Wittkop or Carvey, which is a German safe manufacturer,
[26:30.270 --> 26:36.190]  presumably under license. And the second detail is that I'm pretty sure that my
[26:36.190 --> 26:41.510]  Chroma Protector is not the latest version of Chroma Protector. However,
[26:43.290 --> 26:46.790]  this was the same Chroma Protector as Jaco was covering in his talk,
[26:46.790 --> 26:52.230]  and so I feel pretty happy that there's still some benefit worth looking at this.
[26:54.270 --> 26:58.250]  So we'll start by looking at the key, because the key is pretty complicated.
[26:59.610 --> 27:06.070]  And there are a whole bunch of details to pick out. Here are the seven that I've decided to pick
[27:06.070 --> 27:13.930]  out. So the Chroma Protector has a post. So it's basically got a large spike that runs the length
[27:13.930 --> 27:19.090]  of the lock down the center, which helps align the key, but also removes space that you'd want
[27:19.090 --> 27:22.790]  if you were going to design a tool to fit into the keyway and to manipulate the wafers.
[27:25.230 --> 27:32.530]  It's also got this ramp. And if you design a tool to fit inside the lock that doesn't have this ramp,
[27:32.530 --> 27:38.390]  what you'll find is that one of the wafers has a portion of it that sticks into the keyway,
[27:38.390 --> 27:41.710]  and so you won't be able to insert your tool all the way into the lock
[27:43.990 --> 27:50.790]  unless you simulate this ramp. And interestingly, at least in principle,
[27:50.790 --> 27:55.910]  if you were designing a tool, you'd need to have that ramp on both sides so that you can
[27:55.910 --> 28:02.170]  push the tool in and pull it back out, back past that little ledge on that wafer when that
[28:02.170 --> 28:07.290]  wafer springs back into position. But the problem you're going to run into
[28:09.570 --> 28:16.410]  is that this ramp is the same width as one cut. So if you're designing a tool,
[28:16.410 --> 28:19.650]  what you really want is you want a tool that allows you to manipulate wafers individually.
[28:19.650 --> 28:22.230]  You don't want to have a tool that's so thick that it's going to manipulate
[28:22.790 --> 28:26.670]  two wafers at a time. That would make it phenomenally difficult to position
[28:26.670 --> 28:38.090]  each one of them individually correctly. So you'd be in a bit of a bind in terms of
[28:38.090 --> 28:42.470]  how to handle this ramp. The last option would be to create a half-height ramp
[28:44.030 --> 28:47.690]  and make your tool a little bit smaller than the total space that you've got.
[28:49.130 --> 28:51.670]  But again, that's not really ideal.
[28:53.910 --> 28:57.990]  Then we've got these angled cuts which, to the best of my knowledge, are just there to make
[28:57.990 --> 29:06.210]  key duplication harder because, as I mentioned way back near the beginning of the talk,
[29:06.210 --> 29:09.650]  key duplication is one of the possible methods of surreptitious entry.
[29:09.810 --> 29:14.330]  So for a high security lock, you want to make key duplication as difficult as possible.
[29:14.890 --> 29:18.990]  So those angled cuts look like they're about 45 degrees. I haven't measured,
[29:18.990 --> 29:23.950]  but they look like they're about 45 degrees and they make key duplication much harder.
[29:24.490 --> 29:30.210]  There's also this weird angled cut. If you look closely, you can see that each of these
[29:30.210 --> 29:37.510]  other cuts on the key are horizontal except this one. And this one actually cuts across
[29:37.510 --> 29:45.730]  more than one wafer and engages a flexible portion on the corresponding wafer,
[29:45.730 --> 29:51.610]  which I believe is wafer 9 in this particular case. Again, I believe this is for key duplication
[29:52.150 --> 29:58.110]  because, from what Jaakko said about chroma protectors that he's looked at,
[29:58.110 --> 30:07.030]  it's not been necessary to have that cut on a tool. And that's also definitely the case for my lock.
[30:07.890 --> 30:12.490]  But still, it's another interesting feature that would make duplicating this key very,
[30:12.490 --> 30:20.550]  very tricky. I've got these partial radial cuts which cut into the bitting of the key,
[30:20.550 --> 30:27.570]  but not all the way through. And again, there's a potential there to make key
[30:27.570 --> 30:34.890]  duplication much harder if they truly need to be cut out in order to allow correct alignment
[30:34.890 --> 30:39.310]  of the wafer. You could probably, in most cases, get away with this and not worry about it if you
[30:39.310 --> 30:45.890]  were designing a tool to manipulate the wafers, but this is yet another thing to worry about if
[30:45.890 --> 30:54.350]  you were going to try and copy one of these keys. Then we've got what is probably the most
[30:54.350 --> 31:02.070]  interesting feature, I would say, on the lock, or sorry, on the key for me, which is this undercut.
[31:02.810 --> 31:10.490]  And this undercut is a cut that's made so deeply that it cuts into the actual shank of the key.
[31:11.690 --> 31:17.530]  And so when you insert the key, the particular portion of the wafer that engages with this
[31:17.530 --> 31:23.890]  undercut first has to meet this ramp, and so you need this sort of slot on the key.
[31:25.350 --> 31:31.390]  And if it's able to, it'll travel all the way up, and it'll stop when the key is fully seated
[31:31.390 --> 31:36.630]  in line with the undercut, and then as you turn the key, the undercut will pass through the
[31:37.130 --> 31:44.490]  interposition. Now, that doesn't actually mean that you couldn't design a tool that uses the
[31:44.490 --> 31:52.990]  whole shank space, but you could design the undercut to cut so deeply that it even cuts
[31:52.990 --> 31:57.810]  all the way through to the post. And if you did that, the key would have a hole in it,
[31:57.810 --> 32:03.730]  which wouldn't be a big deal for the key because it's solid, and that would only be one tiny weak
[32:03.730 --> 32:07.890]  point that would be relatively well supported. But if you're going to design a tool and that
[32:07.890 --> 32:13.790]  undercut could be in any position, well, that's a tricky problem to design around,
[32:13.790 --> 32:17.630]  and it would multiply the number of tools that you would reasonably need in order to
[32:17.630 --> 32:23.170]  open this lock. Now remember, you'd need to line one of those wafers up correctly in order to
[32:23.170 --> 32:29.570]  tension the lock anyway. So you'd need seven different tips on your tool, and you might need
[32:29.570 --> 32:35.390]  several different shafts, and it might not be possible to create those separately and viably,
[32:35.390 --> 32:43.750]  so assuming you had seven different ends and 11 wafers where that undercut could exist,
[32:43.750 --> 32:49.070]  well, that's 77 different tools that you'd need to bring on a job of which only one of them will
[32:49.070 --> 32:57.430]  work. So this is a huge exaggeration of the problem, which would hugely increase the amount
[32:57.430 --> 33:03.450]  of time it would take in order to reliably manipulate open one of these locks, even if
[33:03.450 --> 33:11.970]  you did have a tool that could do it. And finally, we have this dimpled cut. Now, Jaakko didn't
[33:11.970 --> 33:18.870]  actually have an answer... Jaakko didn't actually have an answer to this in his talk as to what it's
[33:18.870 --> 33:25.070]  there for. And I should point out, I am not an expert on this lock. That title almost certainly
[33:25.070 --> 33:34.310]  belongs to some German safe mechanic. But I can offer a theory. And that theory is that
[33:34.930 --> 33:41.490]  the fourth wafer in the Chromium Protector handles counter-rotation. So the Chromium
[33:41.490 --> 33:46.870]  Protector handles counter-rotation by allowing essentially the full movement of the key to about
[33:46.870 --> 33:53.270]  45 degrees within the lock. And so at any point that you are opening the lock, you can turn the
[33:53.270 --> 34:03.010]  key back basically the whole way, or back basically 45 degrees. If you do that, then
[34:03.990 --> 34:09.350]  what you'll find is that the fourth wafer in this particular case, it's cut so that it
[34:09.350 --> 34:14.210]  makes contact with both sides of the key simultaneously. And that wafer handles the
[34:14.210 --> 34:21.070]  counter-rotation of the core, which is the missing element in the lock that I created.
[34:22.910 --> 34:28.050]  However, if you don't have this dimpled cut on this surface of the key,
[34:29.150 --> 34:33.450]  then what happens when you attempt to turn the lock, to turn the key backwards in the lock, is
[34:33.450 --> 34:39.530]  that you actually make contact with a protrusion on wafer number nine before the key makes contact
[34:39.530 --> 34:45.870]  on two points with wafer number four. And so exactly the same, at least in theory, as with my
[34:45.870 --> 34:51.670]  lock, you'd be trapped in a position where you only have one point of contact with any wafer in
[34:51.670 --> 34:57.050]  the lock, and so you can't easily counter-rotate the lock, because the harder you turn backwards,
[34:57.050 --> 35:03.110]  the harder you force the wafer against the side of the housing, and the greater the frictional forces.
[35:04.610 --> 35:08.930]  So my theory is that this is another trap when it comes to key duplication,
[35:08.930 --> 35:15.070]  where if you failed to replicate that sufficiently well,
[35:15.070 --> 35:18.530]  what would happen is that even though you may have a key that opens the lock,
[35:18.530 --> 35:23.530]  you then wouldn't be able to remove the key from the lock, and so the key would
[35:25.110 --> 35:29.470]  remain inside the lock, and the lock would still be tamper-evident,
[35:29.470 --> 35:33.970]  even though it had been successfully defeated, which was one of the requirements for a high
[35:33.970 --> 35:44.670]  security lock. To move away from the key and back to the lock, let's take a look at the keyway.
[35:44.670 --> 35:51.710]  There is no core that you can tension up. This is a solid plate that's held in with three screws.
[35:55.800 --> 36:01.260]  There is no way to tension the lock directly around the keyway, and in the center you can
[36:01.260 --> 36:09.680]  see the poster, which matches the hole in the key, and you can start to see some of the different
[36:09.680 --> 36:17.200]  shapes of the wafers through the keyway. Here it is with that top layer taken off,
[36:17.200 --> 36:22.920]  and so we can see the top layer, layer 11, which is one of those split wafers, and it's the only
[36:22.920 --> 36:29.520]  wafer, or set of wafers in this lock, the only layer that isn't actually sprung.
[36:32.240 --> 36:37.540]  And we can kind of see looking down that we have, here's the little portion that sticks out that
[36:37.540 --> 36:44.420]  engages with the ramp, and this little slightly curved portion is the portion that engages with
[36:44.420 --> 36:50.740]  the weird angled cut. And you can sort of see that every single wafer all the way down is very
[36:50.740 --> 36:58.440]  differently shaped. And so as a result, it's very, very difficult to look at them and try and discern
[36:58.440 --> 37:05.460]  any kind of meaningful pattern in order to decode which position that wafer might need to be placed
[37:05.460 --> 37:14.430]  in order to open the lock. Having now covered the basic idea behind the wafers, and without
[37:14.430 --> 37:19.210]  digging too much into how each of them works, there are two wafers that I'm going to draw
[37:19.210 --> 37:27.310]  particular focus to. The first wafer is number 7 in my lock, which has a square cut out in one
[37:27.310 --> 37:33.030]  corner of the wafer end. This effectively acts a bit like a false gate does on a traditional
[37:33.030 --> 37:39.730]  on traditional slide locks, albeit less effectively. And this is one of the reasons why I think false
[37:39.730 --> 37:47.630]  gates spooling and serrations aren't so simple when it comes to wafer locks. For this cut out
[37:47.630 --> 37:53.110]  to have an effect, all the other wafers would first have to be set correctly, and then the
[37:53.110 --> 37:58.010]  core will turn partially and stop getting caught in this cut out. Sounds like it'd hamper an attacker
[37:58.010 --> 38:04.530]  pretty effectively, right? Except there's no way for the other wafers to counter-rotate the core.
[38:05.110 --> 38:10.470]  The wafer itself supplies no counter-rotation either, because it can't with the notch squared
[38:10.470 --> 38:16.270]  off. And what this means is that an attacker needs only to keep pushing on the wafers until they
[38:16.270 --> 38:21.410]  finally fall into place. They can't lose progress towards getting the lock open, they can only really
[38:21.410 --> 38:29.910]  gain progress. So that was the boring detail of the two. The other one reveals what I think
[38:29.910 --> 38:36.930]  personally is the Achilles heel of all wafer locks design's tension of the wafers. And yes, I think
[38:36.930 --> 38:43.310]  they're high security, but I still think they do have a fundamental problem, and it's a very difficult
[38:43.310 --> 38:49.570]  one to grapple with. And I think that problem is essentially getting the lock to counter-rotate
[38:49.570 --> 38:57.650]  open again when you're using those wafers to tension the lock to open it. I mean, of course
[38:57.650 --> 39:04.310]  I think that, right? Because that's the design feature that I overlooked in my own design, right?
[39:05.930 --> 39:09.810]  But I then did a lot of thinking about how to solve that problem.
[39:10.870 --> 39:16.250]  So the animation on the left here is the most obvious and basic approach to solving that
[39:16.250 --> 39:23.470]  problem. You've kind of got this like bow tie or hourglass style cutout, and essentially
[39:24.810 --> 39:31.250]  any bit on the key when turned, in this case 45 degrees, will begin to tension the lock.
[39:32.310 --> 39:36.970]  And as long as nothing blocks the key when it's counter-rotating,
[39:37.830 --> 39:39.950]  you can counter-rotate or make contact on
[39:41.790 --> 39:47.810]  two surfaces again, and it'll counter-rotate really smoothly. The only problem with this is
[39:47.810 --> 39:54.510]  this wafer doesn't have the freedom to move at all, and so it'll trivially...
[39:55.810 --> 40:02.610]  it'll allow the lock to be tensioned trivially, which undoes the whole point in designing the
[40:02.610 --> 40:09.050]  lock to tension off the wafers in the first place. So the way they've tried to do this
[40:09.050 --> 40:14.610]  in the chroma is a little bit more complicated than that. If you take a look at the animation
[40:14.610 --> 40:19.970]  on the right hand side, this is the exact same animation as the one on the left, just with a
[40:19.970 --> 40:26.430]  little bit more material cut away. It still functions in exactly the same way, but hopefully
[40:26.430 --> 40:32.610]  you can see the similarities between the animation on the right hand side and wafer number four in
[40:32.610 --> 40:42.160]  my chroma lock. The only difference between the animation on the right and the actual wafer in
[40:42.160 --> 40:49.740]  my lock is that in the top right hand corner they haven't given the same surface to tension off as
[40:49.740 --> 40:57.980]  in the animation. They've got a surface which the key needs to touch and move laterally into the
[40:57.980 --> 41:07.420]  position. But when you design the wafer this way, what you'll find is that the
[41:08.140 --> 41:15.200]  the prong that sticks out here on the bottom right hand side
[41:17.800 --> 41:22.660]  obstructs the keyway. And in fact you might even be able to see this kind of darker portion on it
[41:22.660 --> 41:27.760]  where that surface has kind of been rubbed away a little bit or has become worn. And the reason
[41:27.760 --> 41:34.380]  for that is this is the portion of the wafer that makes contact with the ramp on the key.
[41:36.520 --> 41:43.880]  And so the real reason to have the ramp is to correctly, well to allow the key to enter the
[41:43.880 --> 41:50.610]  lock while not having to have this counter rotation wafer already set in the correct position.
[41:53.030 --> 42:02.050]  Attacking wise though, these two surfaces on the key need to engage at the same time.
[42:03.150 --> 42:09.830]  So if you have any tool which is equally lengthed and you counter rotate in the wrong direction
[42:09.830 --> 42:16.650]  deliberately, you will align this wafer correctly. And if you had some kind of method of then
[42:17.730 --> 42:22.950]  identifying how far away the surface is that the key would have to make contact with in order to
[42:22.950 --> 42:31.730]  tension it clockwise, then you'd know the correct position of at least one wafer and you could
[42:31.730 --> 42:45.810]  decode that. And that would allow you to tension the lock. So ultimately is this lock impossible
[42:45.810 --> 42:54.090]  to breach or manipulate or pick? No, there have been reports of people managing it, at least
[42:54.090 --> 43:01.370]  against some versions of the lock, even if there aren't any recordings on YouTube. But this is also
[43:01.630 --> 43:07.070]  a phenomenally high security lock. It is hugely drill resistant, it uses a special plate right at
[43:07.070 --> 43:11.370]  the bottom of the keyway to add extra drill resistance on top of the already significant
[43:11.370 --> 43:18.650]  resistance of the plates that sit on top of the lock and effectively function as the faceplate.
[43:20.850 --> 43:30.790]  The kind of totally patternless way that most of the inside surfaces of all the wafers have
[43:30.790 --> 43:37.050]  been cut away means that it's incredibly difficult to decode. And in a best case scenario, if you had
[43:37.550 --> 43:44.430]  huge number of samples, thousands of these locks, then you'd be able to maybe carry out some kind
[43:44.430 --> 43:51.050]  of decoding. In a worst case scenario, for the attacker at least, what will be happening at the
[43:51.050 --> 43:56.670]  factory is they will truly do something to randomize all of those shapes and so there will
[43:56.670 --> 44:03.850]  never be a pattern no matter how many samples you collect. There's no way for us to easily
[44:03.850 --> 44:14.950]  work out which one is the case, but it does seem like it would take a phenomenal amount
[44:14.950 --> 44:22.410]  of resources to work out how to decode one of these locks. I didn't really discuss the blow
[44:22.410 --> 44:32.130]  ring at all, but that's something to discuss. So around the back of the lock is a... if we can go
[44:36.090 --> 44:44.580]  back... oh boy, okay, that's a bit further than I want to go back. Right, so there we go.
[44:45.440 --> 44:51.780]  The brass ring that sits around the outer edge of this lock is the blow ring. And from my
[44:51.780 --> 44:57.040]  understanding, the way that it's designed is so that if you pack the middle of the lock through
[44:57.040 --> 45:03.200]  the keyway with explosive, which is one of the big downsides of keyed safe locks, is that you
[45:03.200 --> 45:10.620]  can pack them full of explosive. When you detonate that explosive to create high pressure to tear
[45:10.620 --> 45:17.160]  the lock apart, rather than the entire lock completely tearing itself to pieces, what happens
[45:17.160 --> 45:24.300]  instead is the blow ring gives way under the high pressure before the lock actually does dismantle
[45:24.300 --> 45:31.360]  itself, since the blow ring is much softer metal than the rest of the body.
[45:33.140 --> 45:38.260]  And so what will happen is you'll end up fusing together all the various wafers in the middle
[45:38.260 --> 45:47.080]  into one horrible blob, and the lock won't be opened. And so at that point the only option
[45:47.080 --> 45:52.340]  would be to completely obliterate the lock. And considering this is normally used in
[45:52.980 --> 45:57.940]  high security containers or vaults, this sort of thing, that means you have to go through the
[45:57.940 --> 46:13.250]  entire surface of that vault or container, which will be no easy feat. And that brings me
[46:13.250 --> 46:19.950]  on to the the final point, which is the super super tight tolerances. So I've attempted to
[46:20.630 --> 46:26.170]  manipulate my lock with the face cover removed and applying direct tension to the core, which
[46:26.170 --> 46:31.610]  obviously is cheating, right? You wouldn't be able to do that if the lock were actually
[46:31.610 --> 46:42.230]  installed in a container. But even doing that, even basically ignoring the main security feature
[46:42.230 --> 46:48.330]  that the lock has, and attempting to manipulate it like that, the tolerances are so incredibly tight
[46:49.030 --> 46:58.390]  that with even more than two or three wafers, I can't manipulate the lock and have the wafers
[46:58.390 --> 47:03.730]  hold in place even when they bind. They do bind, and it's possible to detect that with enough
[47:03.730 --> 47:08.850]  force, and it's possible to move them into position, but they drop really really easily,
[47:10.050 --> 47:19.090]  which makes it phenomenally hard to manipulate. And all in all, I would say this is a phenomenally
[47:19.090 --> 47:27.150]  secure lock. And it largely achieves the goals that high security locks have.
[47:28.390 --> 47:35.610]  And it's a wafer lock. So clearly, there is some potential for wafer locks to provide security
[47:36.970 --> 47:44.110]  that we're looking for in high security locks in a way that isn't perhaps as inherent to,
[47:44.110 --> 47:47.650]  for example, pin tumble locks. I can't think of a pin tumble lock that has a comparable
[47:48.350 --> 47:52.490]  challenge with tensioning or manipulation.
[47:55.550 --> 48:02.710]  So there we go. Hopefully I've convinced you that while lots of wafer locks are low security,
[48:04.350 --> 48:07.690]  the wafer lock principle itself, especially when you have
[48:08.430 --> 48:13.130]  the key tension, the wafers, which then tensions the core,
[48:13.130 --> 48:20.130]  is actually really really quite high security, and it's got great potential to deliver
[48:21.230 --> 48:25.430]  a much higher security solution than other types of lock design.
[48:28.810 --> 48:33.090]  So hopefully you learned something. Hopefully I convinced you.
[48:33.310 --> 48:39.870]  And I presume now we will lead into the question and answer section. Thank you very much.
